A Black Box Tool for Robustness Testing of REST Services
| Main Author: | |
|---|---|
| Publication Date: | 2021 |
| Other Authors: | , |
| Format: | Article |
| Language: | eng |
| Source: | Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| Download full: | https://hdl.handle.net/10316/100830 https://doi.org/10.1109/ACCESS.2021.3056505 |
Summary: | REST services are nowadays being used to support many businesses, with most major companies exposing their services via REST interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent and software is sometimes exposed to unexpected conditions that may activate residual bugs, leading service operations to fail. Such failures may lead to nancial or reputation losses (e.g., information disclosure). Although techniques and tools for assessing robustness have been thoroughly studied and applied to a large diversity of domains, REST services still lack practical approaches that specialize in robustness evaluation. In this paper, we present a tool (named bBOXRT) for performing robustness tests over REST services, solely based on minimal information expressed in their interface descriptions.We used bBOXRT to evaluate an heterogeneous set of 52 REST services that comprise 1,351 operations and t in distinct categories (e.g., public, private, in-house).We were able to disclose several different types of robustness problems, including issues in services with strong reliability requirements and also a few security vulnerabilities. The results show that REST services are being deployed preserving software defects that harm service integration, and also carrying security vulnerabilities that can be exploited by malicious users. |
| id |
RCAP_0dbe0e167b3e5390b39fdee1d44b08a2 |
|---|---|
| oai_identifier_str |
oai:estudogeral.uc.pt:10316/100830 |
| network_acronym_str |
RCAP |
| network_name_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository_id_str |
https://opendoar.ac.uk/repository/7160 |
| spelling |
A Black Box Tool for Robustness Testing of REST ServicesRESTRESTfulweb APIweb servicesrobustness testingREST services are nowadays being used to support many businesses, with most major companies exposing their services via REST interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent and software is sometimes exposed to unexpected conditions that may activate residual bugs, leading service operations to fail. Such failures may lead to nancial or reputation losses (e.g., information disclosure). Although techniques and tools for assessing robustness have been thoroughly studied and applied to a large diversity of domains, REST services still lack practical approaches that specialize in robustness evaluation. In this paper, we present a tool (named bBOXRT) for performing robustness tests over REST services, solely based on minimal information expressed in their interface descriptions.We used bBOXRT to evaluate an heterogeneous set of 52 REST services that comprise 1,351 operations and t in distinct categories (e.g., public, private, in-house).We were able to disclose several different types of robustness problems, including issues in services with strong reliability requirements and also a few security vulnerabilities. The results show that REST services are being deployed preserving software defects that harm service integration, and also carrying security vulnerabilities that can be exploited by malicious users.This work has been supported by national funds through the FCT - Foundation for Science and Technology, I.P., within the scope of the project CISUC - UID/CEC/00326/2020 and by European Social Fund, through the Regional Operational Program Centro 2020; has been supported by the European Union’s Horizon 2020 research and innovation program under the Marie Sklodowska-Curie grant agreement No 823788 (project ADVANCE); by the project MobiWise: From mobile sensing to mobility advising (P2020SAICTPAC/0011/2015), co-financed by COMPETE 2020, Portugal 2020 - Operational Program for Competitiveness and Internationalization (POCI), European Union’s ERDF (European Regional Development Fund), and the Portuguese Foundation for Science and Technology (FCT); by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Lisbon (POR LISBOA 2020) and the Competitiveness and Internationalization Operational Programme (COMPETE 2020) of the Portugal 2020 framework [Project 5G with Nr. 024539 (POCI-01-0247-FEDER-024539)]; and by the TalkConnect project ‘‘Voice Architecture over Distributed Network’’ (reference: POCI-01-0247-FEDER-039676), co-financed by the European Regional Development Fund, through Portugal 2020 (PT2020), and by the Competitiveness and Internationalization Operational Programme (COMPETE 2020).2021info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/articlehttps://hdl.handle.net/10316/100830https://hdl.handle.net/10316/100830https://doi.org/10.1109/ACCESS.2021.3056505eng2169-3536Laranjeiro, NunoAgnelo, JoãoBernardino, Jorgeinfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2025-02-06T12:57:17Zoai:estudogeral.uc.pt:10316/100830Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-29T05:50:01.107276Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse |
| dc.title.none.fl_str_mv |
A Black Box Tool for Robustness Testing of REST Services |
| title |
A Black Box Tool for Robustness Testing of REST Services |
| spellingShingle |
A Black Box Tool for Robustness Testing of REST Services Laranjeiro, Nuno REST RESTful web API web services robustness testing |
| title_short |
A Black Box Tool for Robustness Testing of REST Services |
| title_full |
A Black Box Tool for Robustness Testing of REST Services |
| title_fullStr |
A Black Box Tool for Robustness Testing of REST Services |
| title_full_unstemmed |
A Black Box Tool for Robustness Testing of REST Services |
| title_sort |
A Black Box Tool for Robustness Testing of REST Services |
| author |
Laranjeiro, Nuno |
| author_facet |
Laranjeiro, Nuno Agnelo, João Bernardino, Jorge |
| author_role |
author |
| author2 |
Agnelo, João Bernardino, Jorge |
| author2_role |
author author |
| dc.contributor.author.fl_str_mv |
Laranjeiro, Nuno Agnelo, João Bernardino, Jorge |
| dc.subject.por.fl_str_mv |
REST RESTful web API web services robustness testing |
| topic |
REST RESTful web API web services robustness testing |
| description |
REST services are nowadays being used to support many businesses, with most major companies exposing their services via REST interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent and software is sometimes exposed to unexpected conditions that may activate residual bugs, leading service operations to fail. Such failures may lead to nancial or reputation losses (e.g., information disclosure). Although techniques and tools for assessing robustness have been thoroughly studied and applied to a large diversity of domains, REST services still lack practical approaches that specialize in robustness evaluation. In this paper, we present a tool (named bBOXRT) for performing robustness tests over REST services, solely based on minimal information expressed in their interface descriptions.We used bBOXRT to evaluate an heterogeneous set of 52 REST services that comprise 1,351 operations and t in distinct categories (e.g., public, private, in-house).We were able to disclose several different types of robustness problems, including issues in services with strong reliability requirements and also a few security vulnerabilities. The results show that REST services are being deployed preserving software defects that harm service integration, and also carrying security vulnerabilities that can be exploited by malicious users. |
| publishDate |
2021 |
| dc.date.none.fl_str_mv |
2021 |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/article |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
https://hdl.handle.net/10316/100830 https://hdl.handle.net/10316/100830 https://doi.org/10.1109/ACCESS.2021.3056505 |
| url |
https://hdl.handle.net/10316/100830 https://doi.org/10.1109/ACCESS.2021.3056505 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
2169-3536 |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.source.none.fl_str_mv |
reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia instacron:RCAAP |
| instname_str |
FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| instacron_str |
RCAAP |
| institution |
RCAAP |
| reponame_str |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| collection |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) |
| repository.name.fl_str_mv |
Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia |
| repository.mail.fl_str_mv |
info@rcaap.pt |
| _version_ |
1833602488600625152 |